Configuring Single Sign-On for Zoom With WSO2 Identity Server
In the wake of remote working, Zoom has become one of the most
essential tools for video conferencing. This blog discusses how you can
configure single sign-on (SSO) for Zoom with WSO2 Identity Server
When SSO is configured and enabled for your organization on Zoom, it
allows your employees to login using the organization's WSO2 Identity
Server user credentials. The users need not have separate user accounts
on Zoom. Zoom SSO (based on SAML 2.0) will automatically provision the
users based on the SAML response from WSO2 Identity Server.
Furthermore, this allows identity admins to create users, update user information, and deactivate users in Zoom via WSO2 Identity Server.
The initial authentication flow for a user would be as follows after the configuration:
I will now explain how to configure WSO2 Identity Server and Zoom,
and how to test the configuration. Before you begin, please make sure
that you have the following:
- Zoom owner or admin privileges
- Business or Education account with approved Vanity URL
- WSO2 Identity Server admin privileges
Configuring WSO2 Identity Server
Before Zoom can send requests to WSO2 Identity Server, the Zoom
client must be added as a service provider on WSO2 Identity Server. To
register Zoom as a service provider in WSO2 Identity Server, simply
follow these steps:
- On the Main menu, click Identity > Service Providers > Add
- Fill in the Service Provider NameDescription (optional) of the service provider as follows
- Click Register to add the new service provider
- Next, enter a suitable name for the service provider in the Service Provider Name text box
We need to configure the claims for the service provider on WSO2
Identity Server configurations. First, click on the claim Configuration
From the expanded menu, set the Claim Mapping Dialect to Use Local Claim Dialect and click on Add Claim URI that is against the Requested Claims field.
Inbound Authentication Configuration
Under the Inbound Authentication Configuration section, click SAML2 Web SSO Configuration and click on Configure.
Select Manual Configuration and enter the required details as given below:
After entering the details, click on Download IDP Metadata and Register at the bottom.
Save the IdP metadata file since it is required for the Zoom configuration.
You will be prompted with the above SAML SSO configuration page. Fill in the fields with the details from the IdP metadata file:
- First, open the IdP metadata file downloaded earlier and find the SingleSignOnService Location, SingleLogoutService Location, and X509Certificate values.
- In the Sign-in page URL. text box, paste the SingleSignOnService Location. value from the IdP metadata file.
- In the x.509 Certificate. text box, paste the X509Certificate. value from the IdP metadata file. (Note: Remove the Begin Certificate. and End Certificate.).
- From the Service Provider (SP) Entity ID. drop-down list, select the https. URL.
- In the Issuer (IDP Entity ID.) text box, paste the entityID. value from the IdP metadata file.
- For Binding, select http-post or http-redirect.
- Select the default user type (Basic or Pro) accordingly.
Mapping Basic Information
The first section of this page covers Basic SAML Information Mapping.
Add the Source Attribute listed below for the corresponding value. This should be identical to the claim URIs we previously configured in WSO2 Identity Server.
Testing the Integration
To start, all SSO users need to access https://yourcompany.zoom.us
to login using a browser, or if you log in from the desktop or mobile
client, you need to enter the domain name of your vanity URL under SSO login.
Then, you will be redirected to WSO2 Identity Server
for authentication. Upon successful authentication, the user would be signed in to the respective Zoom account.
Previously published at https://medium.com/@htamahc/configuring-single-sign-on-for-zoom-with-wso2-identity-server-fdac62566c0a
Subscribe to get your daily round-up of top tech stories!